Available Zones

The following table summarizes the zones that can be queried, the Spamhaus databases they are connected to, and the possible return codes (represented by A records in the answers to DNS lookups, and by numeric response codes in HTTP lookup replies).

Return Codes

DNSBLs return one or more A records for positive replies.Each returned A record (associated with a different IP) is used to represent a specific message.Return codes provided by the HTTP API are 1-to-1 mapped to such A records.

Zone Type Database(s) Return Codes
sbl IP SBL * 127.0.0.2 (1002) - SBL
* 127.0.0.3 (1003) - CSS (automated)
* 127.0.0.9 (1009) - DROP (always in addition to SBL)
xbl IP XBL * 127.0.0.4 (1004) - CBL
* from 127.0.0.5 (1005) to .7 (1007) - currently unused
sbl-xbl IP SBL+XBL * 127.0.0.2 (1002) - SBL
* 127.0.0.3 (1003) - CSS
* 127.0.0.9 (1009) - DROP
* 127.0.0.4 (1004) - CBL
(see details above)
pbl IP PBL * 127.0.0.10 (1010) - entry maintained by ISP
* 127.0.0.11 (1011) - entry maintained by Spamhaus
zen IP SBL+XBL+PBL * 127.0.0.2 (1002) - SBL
* 127.0.0.3 (1003) - CSS
* 127.0.0.9 (1009) - DROP
* 127.0.0.4 (1004) - CBL
* 127.0.0.10 (1010) - PBL
* 127.0.0.11 (1011) - PBL
(see details above)
authbl IP AuthBL * 127.0.0.20 (1020) - AuthBL
dbl Domain DBL * 127.0.1.2 (2002) - low-reputation domain
* 127.0.1.4 (2004) - phishing-related domain
* 127.0.1.5 (2005) - malware-related domain
* 127.0.1.6 (2006) - botnet C&C domain
* 127.0.1.102 (2102) - abused-legit domain
* 127.0.1.103 (2103) - abused redirector
* 127.0.1.104 (2104) - abused domain used in phishing
* 127.0.1.105 (2105) - abused domain used by malware
* 127.0.1.106 (2106) - abused domain hosting C&C
* 127.0.1.255 - ERROR: IP query against a domain list (DNS only)
zrd Domain ZRD * 127.0.2.2 (3002) - domain first seen between 0 and 2 hours ago
* 127.0.2.3 (3003) - domain first seen between 2 and 3 hours ago
* […]
* 127.0.2.24 (3024) - domain first seen between 23 and 24 hours ago